Description
This web application uses a caching system. A common HTTP header was identified whose value is reflected in the response, and that response is cached.
Because the value of the HTTP header is reflected in the response, it is possible to forge a malicious cached response that is later served to victims.
Remediation
The cache key should also include the HTTP header to prevent this type of issue.
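The effect of the remediation can be seen in a small cache model. This is an added example, not code from the scanner or the affected application; the header name `x-example-header`, the `origin` function and the `Cache` class are hypothetical stand-ins.

```python
# Added example: toy shared-cache model, not any real product's implementation.
from typing import Callable, Dict, Iterable, Tuple

REFLECTED_HEADER = "x-example-header"  # hypothetical header name (assumption)
Headers = Dict[str, str]


def origin(path: str, headers: Headers) -> str:
    """Stand-in origin that reflects the header value into the response body."""
    value = headers.get(REFLECTED_HEADER, "default")
    return f"<html><body>page={path} value={value}</body></html>"


class Cache:
    """Minimal cache; key_headers lists request headers included in the cache key."""

    def __init__(self, backend: Callable[[str, Headers], str],
                 key_headers: Iterable[str] = ()):
        self.backend = backend
        self.key_headers = tuple(h.lower() for h in key_headers)
        self.store: Dict[Tuple[str, ...], str] = {}

    def cache_key(self, path: str, headers: Headers) -> Tuple[str, ...]:
        # The key is the path plus the value of every keyed header.
        return (path,) + tuple(headers.get(h, "") for h in self.key_headers)

    def get(self, path: str, headers: Headers) -> str:
        normalized = {k.lower(): v for k, v in headers.items()}
        key = self.cache_key(path, normalized)
        if key not in self.store:  # cache miss: ask the origin, store the result
            self.store[key] = self.backend(path, normalized)
        return self.store[key]


def second_user_sees_first_users_value(cache: Cache) -> bool:
    """Request 1 sends the header, request 2 does not. Returns True when
    request 2 is served the body that was generated for request 1."""
    marker = "constructed-marker-123"  # constructed sample value
    cache.get("/home", {REFLECTED_HEADER: marker})
    return marker in cache.get("/home", {})


if __name__ == "__main__":
    unkeyed = Cache(origin)                                 # header not in key
    keyed = Cache(origin, key_headers=[REFLECTED_HEADER])   # remediation applied
    print("header not in cache key:", second_user_sees_first_users_value(unkeyed))
    print("header in cache key:    ", second_user_sees_first_users_value(keyed))
```

With the header outside the cache key, both requests map to one entry and the second request receives the first request's reflected value; with the header in the key, each distinct header value gets its own entry.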